CN106941491A - Secure application data link layer device and communication method for a power information acquisition system
- Publication number
- CN106941491A (CN201710197813.8A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Abstract
The secure application data link layer (SAL) communication method for a power information acquisition system of the present invention includes: the terminal composes SAL login and heartbeat messages to log in to the communication server; a session is established between the terminal and the acquisition server; the acquisition server initiates data interaction; and the terminal reports data. During acquisition-server-initiated data interaction and terminal data reporting, data exchanged between the terminal and the security gateway is encapsulated in the SSL protocol format to provide encryption protection, and data exchanged between the security gateway and the acquisition server is encapsulated in the APP protocol format to provide encryption protection. Building on the existing application-layer encryption protocol based on the key and digital certificate management service system, the invention establishes a link-layer encryption protection communication method for the power information acquisition system and increases the security of the power information acquisition system.
Description
Technical field
The present invention relates to the field of information security, and more particularly to a secure application data link layer device and communication method for a power information acquisition system.
Background art
Since 2009, State Grid Corporation of China has promoted the construction of the power information acquisition system with "full coverage, full collection, full control" as the construction objective and according to the principle of "unified planning, unified standards, unified implementation". So far, a cumulative 384 million smart electricity meters have been installed, and the power information acquisition system covers more than 400 million power consumers. At present, the acquisition system master stations of the 27 provincial companies in the State Grid Corporation system have all been completed and put into operation, and the collected data is used in many lines of business, including metering and billing, business inspection, line-loss analysis, business process systems, fault repair, orderly power use, interactive services, electricity trading, distribution network operation and power quality monitoring.
Currently, the power information acquisition system has a high degree of information integration and fusion and strong system dependence. Real-time interaction between business systems, and between business systems and external users, is richer and more frequent, and the terminals connected to the system are huge in number and diverse in type, which makes its operating environment increasingly complex. The variety and intensity of attacks against the power information acquisition system are also rising. To address the security risks the power information acquisition system faces and the specific conditions that arise in practical use, State Grid Corporation has built a unified key and digital certificate management service system, studied power information security protection techniques, and designed authentication and encrypted transmission protocols for the power user electricity consumption information acquisition system, which has improved the security of the system to some extent.
However, as the volume and types of business carried by the power information acquisition system keep increasing, the influence of security vulnerabilities and attack methods inherent in the Internet on the power information acquisition system master station is increasingly significant, and existing power information security protection techniques and related protocols cannot meet the security requirements of the current power information acquisition system.
Summary of the invention
To solve the above problems, according to one aspect of the invention, a secure application data link layer communication method for a power information acquisition system is provided, including:
The terminal composes secure application data link layer (SAL) login and heartbeat messages to log in to the communication server;
A session is established between the terminal and the acquisition server;
The acquisition server initiates data interaction;
The terminal reports data;
Wherein, during acquisition-server-initiated data interaction and terminal data reporting, data exchanged between the terminal and the security gateway is encapsulated in the SSL protocol format to provide encryption protection, and data exchanged between the security gateway and the acquisition server is encapsulated in the APP protocol format to provide encryption protection.
Preferably, establishing a session between the terminal and the acquisition server includes the acquisition server actively initiating the session and the terminal requesting to initiate the session.
Preferably, the terminal composing SAL login and heartbeat messages to log in to the communication server is:
The terminal composes a SAL login/heartbeat message and sends it to the communication server;
The communication server judges the integrity and legality of the SAL login/heartbeat message. If the message is incomplete or illegal, the communication server composes a deny response SAL message and sends it to the terminal; if the message is complete and legal, the communication server sends it to the security gateway;
The security gateway judges the integrity and legality of the SAL login/heartbeat message. If the message is incomplete or illegal, the security gateway composes a deny response SAL message and sends it to the terminal; if the message is complete and legal, the security gateway changes the value of the data coding identifier C_APP to 1, encapsulates the SAL login/heartbeat message in the APP protocol format and sends it to the acquisition server;
The acquisition server decapsulates the encapsulated SAL login/heartbeat message, then generates a SAL login response message in the APP protocol format and sends it to the security gateway;
The security gateway judges the integrity and legality of the SAL login response message. If the message is complete and legal, the security gateway changes the value of C_APP to 0, converts the SAL login response message from the APP protocol format to the SSL format, and sends it to the communication server;
The communication server sends the SAL login response message to the corresponding terminal according to the destination address of the SAL login response message.
Preferably, the acquisition server actively initiating the session is:
The acquisition server encrypts the session key agreement data to form a private command and sends it to the security gateway, to notify the security gateway to send a request to establish a SAL session to the terminal;
The security gateway decrypts the private command, obtains the session key agreement data, sets the value of C_APP to 0, composes an establish-session request SAL data frame, encapsulates it in the SSL protocol format and sends it to the communication server;
The communication server sends the establish-session request SAL data frame to the terminal corresponding to the destination address of that data frame;
The terminal parses the establish-session request SAL data frame, verifies the identity of the acquisition server, generates the data confirming session establishment and encrypts it using the terminal secret key, composing an establish-session response SAL data frame that is sent to the communication server;
The communication server checks the integrity and legality of the establish-session response SAL data frame. If the data frame is incomplete or illegal, the communication server composes a deny response SAL message and sends it to the terminal; if the data frame is complete and legal, the communication server sends it to the security gateway;
The security gateway judges the integrity and legality of the establish-session response SAL data frame. If the data frame is complete and legal, the security gateway decrypts it using the terminal public key, changes the value of C_APP to 1, encapsulates the resulting session establishment confirmation data in the APP protocol format and sends it to the acquisition server;
The acquisition server receives the session establishment confirmation data in the APP protocol format, decapsulates it and records the result of the terminal establishing the session.
Preferably, the terminal requesting to initiate the session is:
The terminal obtains the relevant information of the terminal embedded secure access module (ESAM) chip, composes a request-to-establish-session SAL data frame, encapsulates it in the SSL protocol format and sends it to the communication server;
The communication server checks the integrity and legality of the request-to-establish-session SAL data frame. If the data frame is incomplete or illegal, the communication server composes a deny response SAL message and sends it to the terminal; if the data frame is complete and legal, the communication server sends it to the security gateway;
The security gateway judges the integrity and legality of the request-to-establish-session SAL data frame. If the data frame is incomplete or illegal, the security gateway composes a deny response SAL message and sends it to the terminal; if the data frame is complete and legal, the security gateway changes the value of C_APP to 1, encapsulates the data frame in the APP protocol format and sends it to the acquisition server;
The acquisition server decapsulates the encapsulated request-to-establish-session SAL data frame, composes a confirm/deny SAL response frame and sends it to the security gateway;
The security gateway changes the value of C_APP to 0, encapsulates the confirm/deny SAL response frame in the SSL protocol format and sends it to the communication server, and the communication server then sends the encapsulated confirm/deny SAL response frame to the terminal.
Preferably, the acquisition server initiating data interaction is:
The acquisition server composes a plaintext 1376.1/OOP (task data) data frame and sends it to the security gateway;
The security gateway checks the integrity and legality of the plaintext 1376.1/OOP data frame. If the data frame is complete and legal, the security gateway changes the value of C_APP to 0, encrypts the plaintext 1376.1/OOP data frame with the public key of the terminal, encapsulates it as a SAL data frame in the SSL protocol format and sends it to the communication server;
The communication server sends the SAL data frame to the corresponding terminal according to the destination address of the SAL data frame;
The terminal decrypts the SAL data frame to obtain the plaintext 1376.1/OOP data frame, composes a plaintext 1376.1/OOP response data frame after data processing, encrypts it to form a SAL response data frame ciphertext and sends it to the communication server;
The communication server checks the integrity and legality of the SAL response data frame ciphertext. If the ciphertext is complete and legal, the communication server forwards it to the security gateway;
The security gateway checks the integrity and legality of the SAL response data frame ciphertext. If the ciphertext is complete and legal, the security gateway decrypts it to obtain the plaintext 1376.1/OOP response data frame, changes the value of C_APP to 1, encapsulates the plaintext 1376.1/OOP response data frame as data in the APP protocol format and sends it to the acquisition server;
After receiving the encapsulated plaintext 1376.1/OOP response data frame, the acquisition server performs processing according to the plaintext 1376.1/OOP response data frame.
OOP denotes task data, and 1376.1/OOP data frames are task data frames conforming to Q/GDW1376.1-2012, power consumer electricity consumption information acquisition system communication protocol, Part 1: Main station and acquisition terminal communication protocol.
Preferably, the terminal reporting data is:
The terminal generates a plaintext 1376.1/OOP data frame, encrypts it to form a SAL data frame ciphertext and sends it to the communication server;
The communication server checks the integrity and legality of the SAL data frame ciphertext. If the ciphertext is incomplete or illegal, the communication server composes a deny response SAL message and sends it to the terminal; if the ciphertext is complete and legal, the communication server sends it to the security gateway;
The security gateway checks the integrity and legality of the SAL data frame ciphertext. If the ciphertext is incomplete or illegal, the security gateway composes a deny response SAL message and sends it to the terminal; if the ciphertext is complete and legal, the security gateway decrypts it into the plaintext 1376.1/OOP data frame, changes the value of C_APP to 1, encapsulates the plaintext 1376.1/OOP data frame in the APP protocol format and sends it to the acquisition server;
After receiving the encapsulated plaintext 1376.1/OOP data frame, the acquisition server performs processing according to the plaintext 1376.1/OOP data frame, composes a plaintext 1376.1/OOP response data frame and sends it to the security gateway;
The security gateway checks the integrity and legality of the plaintext 1376.1/OOP response data frame. If the data frame is complete and legal, the security gateway changes the value of C_APP to 0, encrypts the plaintext 1376.1/OOP response data frame with the terminal public key, encapsulates it as a SAL response data frame ciphertext in the SSL protocol format and sends it to the communication server;
The communication server sends the SAL response data frame ciphertext to the corresponding terminal according to the destination address of the SAL response data frame ciphertext;
After receiving the SAL response data frame ciphertext, the terminal decrypts it to obtain the plaintext 1376.1/OOP response data frame and performs data processing according to the content of the plaintext 1376.1/OOP response data frame.
Preferably, a C_APP value of 0 indicates that the current data frame is encapsulated in the SSL protocol format, and a C_APP value of 1 indicates that the current data frame is encapsulated in the APP format.
Preferably, the terminal ESAM chip relevant information is the terminal serial number, the communication protocol version number and the encryption algorithm.
According to another aspect of the present invention, a secure application data link layer device for a power information acquisition system is provided, including:
A terminal, for composing heartbeat messages to log in to the communication server, establishing a session with the acquisition server, performing data interaction and reporting data;
A communication server, for checking the integrity and legality of the data frames produced when session establishment and data interaction are carried out between the terminal and the acquisition server;
A security gateway, for checking the integrity and legality of the data frames produced when session establishment and data interaction are carried out between the terminal and the acquisition server, and for performing APP protocol or SSL protocol format encapsulation and encryption/decryption on those data frames; and
An acquisition server, for establishing a session with the terminal, performing data interaction and performing data processing.
Building on the existing application-layer encryption protocol based on the key and digital certificate management service system, the present invention establishes a link-layer encryption protection communication method for the power information acquisition system and increases the security of the power information acquisition system.
Brief description of the drawings
The illustrative embodiments of the present invention can be understood more fully by reference to the following drawings:
Fig. 1 is a flow chart of the secure application data link layer communication method for a power information acquisition system according to the preferred embodiment of the present invention;
Fig. 2 is a schematic flow diagram of the terminal composing SAL login and heartbeat messages to log in to the communication server according to the preferred embodiment of the present invention;
Fig. 3 is a schematic flow diagram of the acquisition server actively initiating a session according to the preferred embodiment of the present invention;
Fig. 4 is a schematic flow diagram of the terminal requesting to initiate a session according to the preferred embodiment of the present invention;
Fig. 5 is a schematic flow diagram of the acquisition server initiating data interaction according to the preferred embodiment of the present invention;
Fig. 6 is a schematic flow diagram of the terminal reporting data according to the preferred embodiment of the present invention; and
Fig. 7 is a schematic structural diagram of the secure application data link layer device for a power information acquisition system according to the preferred embodiment of the present invention.
Detailed description of embodiments
The illustrative embodiments of the present invention are now described with reference to the accompanying drawings. The present invention can, however, be implemented in many different forms and is not limited to the embodiments described herein; these embodiments are provided so that the disclosure is thorough and complete and fully conveys the scope of the invention to persons of ordinary skill in the art. The terms used in the exemplary embodiments illustrated in the accompanying drawings do not limit the invention. In the drawings, identical units/elements are given identical reference numerals.
Unless otherwise indicated, the terms used herein (including scientific and technical terms) have the meaning commonly understood by persons of ordinary skill in the art. It will further be understood that terms defined in commonly used dictionaries should be interpreted as having a meaning consistent with the context of the related field, and should not be interpreted in an idealized or overly formal sense.
Fig. 1 is a flow chart of the secure application data link layer communication method for a power information acquisition system according to the preferred embodiment of the present invention. As shown in Fig. 1, in the method 100, the terminal first composes SAL login and heartbeat messages to log in to the communication server; a session is then established between the terminal and the acquisition server; the acquisition server then initiates data interaction and the terminal reports data, completing the communication. During acquisition-server-initiated data interaction and terminal data reporting, data exchanged between the terminal and the security gateway is encapsulated in the SSL protocol format to provide encryption protection, and data exchanged between the security gateway and the acquisition server is encapsulated in the APP protocol format to provide encryption protection. Encryption protection of the transmission link is established between the security gateway and the terminal, which ensures the security of data transmitted between the terminal and the security gateway. Preferably, there are two ways of establishing a session between the terminal and the acquisition server: the acquisition server actively initiates the session, or the terminal requests to initiate the session. In actual use, the power information acquisition system selects the session establishment mode according to actual conditions.
Fig. 2 is a schematic flow diagram of the terminal composing SAL login frames and heartbeat messages to log in to the communication server according to the preferred embodiment of the present invention. As shown in Fig. 2, the terminal first composes a SAL login/heartbeat message and sends it to the communication server. After receiving the SAL login/heartbeat message, the communication server first checks its integrity and legality. Only when the message is complete and legal does the communication server forward it to the security gateway; at this point the value of the data coding identifier C_APP is 0, indicating that the current SAL login/heartbeat message is data encapsulated in the SSL format. When the message is incomplete and/or illegal, the communication server composes a deny response SAL message and sends it to the terminal, and this communication ends. After receiving the SAL login/heartbeat message, the security gateway likewise judges its integrity and legality. If the message is incomplete and/or illegal, the security gateway composes a deny response SAL message and sends it to the terminal; if the message is complete and legal, the security gateway changes the value of C_APP to 1, encapsulates the SAL login/heartbeat message in the APP protocol format and sends it to the acquisition server. After receiving the encapsulated SAL login/heartbeat message, the acquisition server decapsulates it, then generates a SAL login response message in the APP protocol format and sends it to the security gateway. After receiving the SAL login response message, the security gateway judges its integrity and legality; if the message is complete and legal, the security gateway changes the value of C_APP to 0, converts the SAL login response message from the APP protocol format to the SSL format and sends it to the communication server. The communication server sends the SAL login response message to the corresponding terminal according to the destination address of the message, which completes the operation of the terminal composing SAL login and heartbeat messages to log in to the communication server. Preferably, the security gateway and the communication server use the same method to judge the integrity and legality of data: the legality of the data is judged by checking the coding rule of the data frame, and the integrity of the data is judged by checking the data length.
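The gateway behaviour described above (length check for integrity, coding-rule check for legality, deny response on failure, C_APP switched between 0 and 1 on re-encapsulation), as an added Python example that is not code from the patent. The frame layout, delimiter bytes, frame type codes and the XOR stand-in for encryption are assumptions made for illustration, and only login/heartbeat and data frames are covered.

```python
import struct

# Hypothetical wire layout (the patent text does not define one):
# start | C_APP | type | terminal address | payload length | payload | end
HEADER = struct.Struct(">BBBIH")
START, END = 0x68, 0x16                  # constructed delimiter bytes
SSL_FMT, APP_FMT = 0, 1                  # C_APP values as defined in the text
T_LOGIN, T_DATA, T_DENY = 0x01, 0x02, 0xFF   # hypothetical frame type codes
ACCEPTED_TYPES = {T_LOGIN, T_DATA}


def build_frame(c_app, ftype, addr, payload=b""):
    """Serialise one frame in the hypothetical layout."""
    return HEADER.pack(START, c_app, ftype, addr, len(payload)) + payload + bytes([END])


def parse(raw):
    """Return (C_APP, type, terminal address, payload) of a complete frame."""
    _, c_app, ftype, addr, n = HEADER.unpack_from(raw)
    return c_app, ftype, addr, raw[HEADER.size:HEADER.size + n]


def is_complete(raw):
    """Integrity: the declared payload length must match the bytes received."""
    if len(raw) < HEADER.size + 1:
        return False
    return len(raw) == HEADER.size + HEADER.unpack_from(raw)[4] + 1


def is_legal(raw, expected_c_app):
    """Legality: the frame must follow the coding rule for this direction."""
    start, c_app, ftype, _, _ = HEADER.unpack_from(raw)
    return (start == START and raw[-1] == END
            and c_app == expected_c_app and ftype in ACCEPTED_TYPES)


def xor_placeholder(addr, data):
    """Stand-in for the terminal-key encryption; NOT real cryptography."""
    key = addr.to_bytes(4, "big")
    return bytes(b ^ key[i % 4] for i, b in enumerate(data))


class SecurityGateway:
    def __init__(self, encrypt=xor_placeholder, decrypt=xor_placeholder):
        self.encrypt, self.decrypt = encrypt, decrypt

    def from_terminal(self, raw):
        """Uplink: SSL-format frame in, APP-format frame out (C_APP 0 -> 1)."""
        if not (is_complete(raw) and is_legal(raw, SSL_FMT)):
            # Incomplete or illegal: answer the terminal with a deny response.
            addr = HEADER.unpack_from(raw)[3] if len(raw) >= HEADER.size else 0
            return "terminal", build_frame(SSL_FMT, T_DENY, addr)
        _, ftype, addr, payload = parse(raw)
        if ftype == T_DATA:              # data frames arrive as ciphertext
            payload = self.decrypt(addr, payload)
        return "acquisition_server", build_frame(APP_FMT, ftype, addr, payload)

    def from_server(self, raw):
        """Downlink: APP-format frame in, SSL-format frame out (C_APP 1 -> 0)."""
        if not (is_complete(raw) and is_legal(raw, APP_FMT)):
            return "dropped", None       # assumption: the text names no reply here
        _, ftype, addr, payload = parse(raw)
        if ftype == T_DATA:              # encrypt for the destination terminal
            payload = self.encrypt(addr, payload)
        return "communication_server", build_frame(SSL_FMT, ftype, addr, payload)


def demo():
    """Run constructed sample frames through the gateway in both directions."""
    gw = SecurityGateway()
    addr = 0x0A0B0C0D                    # constructed terminal address
    uplink = build_frame(SSL_FMT, T_DATA, addr,
                         xor_placeholder(addr, b"meter reading"))
    return {
        "forwarded": gw.from_terminal(uplink),
        "truncated": gw.from_terminal(uplink[:-3]),
        "wrong_flag": gw.from_terminal(build_frame(APP_FMT, T_LOGIN, addr)),
        "downlink": gw.from_server(build_frame(APP_FMT, T_DATA, addr, b"reply")),
    }


if __name__ == "__main__":
    for name, (dest, frame) in demo().items():
        print(name, dest, frame.hex() if frame else None)
```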
Fig. 3 is a schematic flow diagram of the acquisition server actively initiating a session according to the preferred embodiment of the present invention. Establishing a session between the terminal and the acquisition server includes the acquisition server actively initiating the session and the terminal requesting to initiate the session. As shown in Fig. 3, when the acquisition server actively initiates a session, it first encrypts the session key agreement data to form a private command and sends it to the security gateway, to notify the security gateway to send a request to establish a SAL session to the terminal. After receiving the private command, the security gateway decrypts it using the public key of the acquisition server, obtains the session key agreement data, composes an establish-session request SAL data frame and sends it to the communication server. The communication server sends the establish-session request SAL data frame to the terminal corresponding to the destination address of the received data frame. The terminal parses the received establish-session request SAL data frame, verifies the identity of the acquisition server, generates the data confirming session establishment and encrypts it using the cryptographic protocol included in the terminal ESAM chip, composing an establish-session response SAL data frame that is sent to the communication server. After receiving the establish-session response SAL data frame, the communication server checks its integrity and legality. If the data frame is incomplete or illegal, the communication server composes a deny response SAL message and sends it to the terminal; if the data frame is complete and legal, the communication server sends it to the security gateway. After receiving the establish-session response SAL data frame, the security gateway likewise judges its integrity and legality. If the data frame is complete and legal, the security gateway decrypts it using the public key of the encryption chip included in the terminal ESAM chip, encapsulates the resulting session establishment confirmation data in the APP protocol format and sends it to the acquisition server. The acquisition server receives the session establishment confirmation data in the APP protocol format, decapsulates it and records the result of the terminal establishing the session. Preferably, the identity of the acquisition server is verified by means of digital certificate signature verification.
Fig. 4 is a schematic flow chart of the terminal requesting to initiate a session according to a preferred embodiment of the present invention. As shown in Fig. 4, when the terminal requests to initiate a session, it first obtains the relevant information of the terminal embedded security control (ESAM) chip, composes a request-to-set-up-session SAL data frame and sends it to the communication server. After receiving the request-to-set-up-session SAL data frame, the communication server checks its integrity and legitimacy: if the frame is incomplete or illegitimate, the communication server composes a denial response SAL message and sends it to the terminal, and the terminal-requested session flow ends; if the frame is complete and legitimate, the communication server sends it to the security gateway. After receiving the request-to-set-up-session SAL data frame, the security gateway judges its integrity and legitimacy: if the frame is incomplete or illegitimate, the security gateway composes a denial response SAL message and sends it to the terminal, and the terminal-requested session flow ends; if the frame is complete and legitimate, the security gateway changes the value of C_APP to 1, encapsulates the frame in the APP protocol format and sends it to the acquisition server. The acquisition server decapsulates the encapsulated request-to-set-up-session SAL data frame and, according to the actual situation, composes a confirmation SAL response frame or a denial SAL response frame, which it sends to the security gateway. After receiving the confirmation or denial SAL response frame, the security gateway changes the value of C_APP to 0, encapsulates the frame in the SSL protocol format and sends it to the communication server, which in turn sends the encapsulated confirmation or denial SAL response frame to the terminal. Preferably, the terminal ESAM chip relevant information is the terminal serial number, the communication protocol version number and AES.
Fig. 5 is a schematic flow chart of the acquisition server initiating data interaction according to a preferred embodiment of the present invention. After the terminal and the acquisition server have set up a session, data interaction is initiated by the acquisition server. As shown in Fig. 5, the acquisition server first composes a plaintext 1376.1/OOP data frame and sends it to the security gateway. OOP here refers to task data, and a 1376.1/OOP data frame is a task data frame conforming to Q/GDW1376.1-2012, Power User Electricity Consumption Information Acquisition System Communication Protocol, Part 1: Master Station and Acquisition Terminal Communication Protocol. The security gateway checks the integrity and legitimacy of the received plaintext 1376.1/OOP data frame; if the frame is complete and legitimate, the security gateway changes the value of C_APP to 0, encrypts the plaintext 1376.1/OOP data frame using the public key of the terminal, encapsulates it as a SAL data frame in the SSL protocol format and sends it to the communication server. The communication server then sends the SAL data frame to the corresponding terminal according to the destination address of the SAL data frame. The terminal decrypts the received SAL data frame with the terminal secret key to obtain the plaintext 1376.1/OOP data frame, composes a plaintext 1376.1/OOP response data frame after data processing, encrypts it with the private key of the terminal to form a SAL response data frame ciphertext and sends it to the communication server. The communication server checks the integrity and legitimacy of the received SAL response data frame ciphertext and, when the ciphertext is complete and legitimate, forwards it to the security gateway. The security gateway checks the integrity and legitimacy of the received SAL response data frame ciphertext; if the ciphertext is complete and legitimate, the security gateway decrypts it using the public key of the terminal to obtain the plaintext 1376.1/OOP response data frame, changes the value of C_APP to 1, encapsulates the plaintext 1376.1/OOP response data frame as data in the APP protocol format and sends it to the acquisition server. After receiving the encapsulated plaintext 1376.1/OOP response data frame, the acquisition server performs processing according to the plaintext 1376.1/OOP response data frame.
Fig. 6 is a schematic flow chart of the terminal reporting data according to a preferred embodiment of the present invention. As shown in Fig. 6, when the terminal reports data, it first generates a plaintext 1376.1/OOP data frame, encrypts it with the terminal secret key to form a SAL data frame ciphertext and sends it to the communication server. The communication server checks the integrity and legitimacy of the received SAL data frame ciphertext: if the ciphertext is incomplete or illegitimate, the communication server composes a denial response SAL message and sends it to the terminal, and the terminal data reporting flow ends; if the ciphertext is complete and legitimate, the communication server sends it to the security gateway. The security gateway checks the integrity and legitimacy of the received SAL data frame ciphertext: if the ciphertext is incomplete or illegitimate, the security gateway composes a denial response SAL message and sends it to the terminal, and the terminal data reporting flow ends; if the ciphertext is complete and legitimate, the security gateway decrypts it into the plaintext 1376.1/OOP data frame using the terminal public key, changes the value of C_APP to 1, encapsulates the plaintext 1376.1/OOP data frame in the APP protocol format and sends it to the acquisition server. After receiving the encapsulated plaintext 1376.1/OOP data frame, the acquisition server performs processing according to the plaintext 1376.1/OOP data frame, composes a plaintext 1376.1/OOP response data frame and sends it to the security gateway. The security gateway checks the integrity and legitimacy of the received plaintext 1376.1/OOP response data frame; if the frame is complete and legitimate, the security gateway changes the value of C_APP to 0, encrypts the plaintext 1376.1/OOP response data frame using the public key of the terminal, encapsulates it as a SAL response data frame ciphertext in the SSL protocol format and sends it to the communication server. The communication server sends the SAL response data frame ciphertext to the corresponding terminal according to the destination address of the SAL response data frame ciphertext. After receiving the SAL response data frame ciphertext, the terminal decrypts it to obtain the plaintext 1376.1/OOP response data frame and carries out data processing according to the content of the plaintext 1376.1/OOP response data frame.
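The two-hop check and C_APP re-encapsulation of the terminal reporting flow described above, as an added example that is not code from the patent. The frame layout (flag bytes, 2-byte length, C_APP byte, 6-byte address), the rule that terminal-side frames must arrive with C_APP = 0, and `placeholder_cipher` standing in for the ESAM-backed decryption are assumptions made for illustration.

```python
import struct

# Hypothetical frame layout, constructed for this example (not from the patent):
# start flag | payload length (2 bytes) | C_APP | 6-byte address | payload | end flag
START, END = 0x68, 0x16
HEADER = struct.Struct(">BHB6s")
C_APP_SSL, C_APP_APP = 0, 1   # 0 = SSL-format encapsulation, 1 = APP-format


def build_frame(c_app, addr, payload):
    return HEADER.pack(START, len(payload), c_app, addr) + payload + bytes([END])


def check_frame(raw):
    """Legitimacy is judged by coding rules, integrity by data length."""
    if len(raw) < HEADER.size + 1:
        return False, "incomplete: shorter than header"
    start, length, c_app, _addr = HEADER.unpack_from(raw)
    if start != START:
        return False, "illegitimate: bad start flag"
    if c_app not in (C_APP_SSL, C_APP_APP):
        return False, "illegitimate: unknown C_APP value"
    if len(raw) != HEADER.size + length + 1:
        return False, "incomplete: length field does not match frame size"
    if raw[-1] != END:
        return False, "illegitimate: bad end flag"
    return True, "ok"


def parse_frame(raw):
    _start, length, c_app, addr = HEADER.unpack_from(raw)
    return c_app, addr, raw[HEADER.size:HEADER.size + length]


def communication_server(raw):
    """First hop: forward only complete and legitimate frames."""
    ok, reason = check_frame(raw)
    return ("forward", raw) if ok else ("deny", reason)


def security_gateway_uplink(raw, decrypt):
    """Second hop: repeat the check, decrypt, then re-encapsulate with C_APP = 1."""
    ok, reason = check_frame(raw)
    if not ok:
        return "deny", reason
    c_app, addr, ciphertext = parse_frame(raw)
    if c_app != C_APP_SSL:  # assumption: terminal-side frames carry C_APP = 0
        return "deny", "illegitimate: terminal-side frame not SSL-format"
    return "to_acquisition", build_frame(C_APP_APP, addr, decrypt(addr, ciphertext))


def report_path(raw, decrypt):
    """Terminal -> communication server -> security gateway; returns (hop, verdict, output)."""
    verdict, out = communication_server(raw)
    if verdict == "deny":
        return "communication server", verdict, out
    verdict, out = security_gateway_uplink(out, decrypt)
    return "security gateway", verdict, out


def placeholder_cipher(addr, data):
    """Stand-in for the ESAM-backed encryption/decryption; NOT real cryptography."""
    return bytes(b ^ 0x5A for b in data)


# Constructed sample input.
ADDR = bytes.fromhex("000000000001")
PLAIN = b"constructed 1376.1/OOP task data"
GOOD = build_frame(C_APP_SSL, ADDR, placeholder_cipher(ADDR, PLAIN))
TRUNCATED = GOOD[:-4]                                   # lost bytes in transit
WRONG_MODE = build_frame(C_APP_APP, ADDR, placeholder_cipher(ADDR, PLAIN))
TAMPERED = GOOD[:12] + bytes([GOOD[12] ^ 0x01]) + GOOD[13:]   # same length, one bit changed

if __name__ == "__main__":
    samples = [("good", GOOD), ("truncated", TRUNCATED),
               ("wrong C_APP", WRONG_MODE), ("tampered", TAMPERED)]
    for name, frame in samples:
        hop, verdict, out = report_path(frame, placeholder_cipher)
        detail = out if verdict == "deny" else parse_frame(out)
        print(f"{name:12} {hop:21} {verdict:15} {detail}")
```

The tampered frame passes both structural checks because a same-length payload change leaves the length and coding rules intact, so detecting modification depends on the cryptographic layer rather than on these checks.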
Fig. 7 is a schematic structural diagram of the safety application data link layer device of the power information acquisition system according to a preferred embodiment of the present invention. As shown in Fig. 7, the safety application data link layer device 700 of the power information acquisition system includes a terminal 701, a communication server 702, a security gateway 703 and an acquisition server 704, wherein there may be multiple terminals 701, provided their number does not exceed the collection limit of the acquisition server 704. Preferably, the terminal 701 is used to organize heartbeat messages to log on to the communication server 702, to set up a session and carry out data interaction with the acquisition server 704, and to report data. Preferably, the communication server 702 is used to check the integrity and legitimacy of the data frames produced when a session is set up and data interaction is carried out between the terminal 701 and the acquisition server 704. Preferably, the security gateway 703 is used to check the integrity and legitimacy of the data frames produced when a session is set up and data interaction is carried out between the terminal 701 and the acquisition server 704, and to carry out APP protocol or SSL protocol format encapsulation and encryption and decryption of the data frames. Preferably, the acquisition server 704 is used to set up a session and carry out data interaction with the terminal 701 and to carry out data processing.
The present invention has been described with reference to a small number of embodiments. However, as is known to those skilled in the art, and as defined by the appended patent claims, embodiments other than those disclosed above equally fall within the scope of the present invention.
Generally, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise herein. All references to "a/the [device, component, etc.]" are to be interpreted openly as referring to at least one instance of said device, component, etc., unless explicitly stated otherwise. The steps of any method disclosed herein do not have to be performed in the exact order disclosed, unless explicitly stated.
Claims (10)
1. A safety application data link layer communication method for a power information acquisition system, comprising:
the terminal organizing safety application data link layer (SAL) login and heartbeat messages to log on to the communication server;
setting up a session between the terminal and the acquisition server;
the acquisition server initiating data interaction;
the terminal reporting data;
wherein, while the acquisition server initiates data interaction and while the terminal reports data, data exchanged between the terminal and the security gateway is encapsulated in the SSL protocol format to provide encryption protection of the data, and data exchanged between the security gateway and the acquisition server is encapsulated in the APP protocol format to provide encryption protection of the data.
2. The method according to claim 1, characterized in that setting up a session between the terminal and the acquisition server includes the acquisition server actively initiating a session and the terminal requesting to initiate a session.
3. The method according to claim 1, characterized in that the terminal organizing safety application data link layer (SAL) login and heartbeat messages to log on to the communication server is:
the terminal organizes the safety application data link layer SAL login and heartbeat messages and sends the SAL login and heartbeat messages to the communication server;
the communication server judges the integrity and legitimacy of the SAL login and heartbeat messages; if the SAL login and heartbeat messages are incomplete or illegitimate, the communication server composes a denial response SAL message and sends it to the terminal; if the SAL login and heartbeat messages are complete and legitimate, the communication server sends them to the security gateway;
the security gateway judges the integrity and legitimacy of the SAL login and heartbeat messages; if the SAL login and heartbeat messages are incomplete or illegitimate, the security gateway composes a denial response SAL message and sends it to the terminal; if the SAL login and heartbeat messages are complete and legitimate, the security gateway changes the value of the data coding identifier C_APP to 1, encapsulates the SAL login and heartbeat messages in the APP protocol format and sends them to the acquisition server;
the acquisition server decapsulates the encapsulated SAL login and heartbeat messages, then generates a SAL login response message in the APP protocol format and sends it to the security gateway;
the security gateway judges the integrity and legitimacy of the SAL login response message; if the SAL login response message is complete and legitimate, the security gateway changes the value of C_APP to 0, converts the SAL login response message from the APP protocol format to the SSL format and sends it to the communication server;
the communication server sends the SAL login response message to the corresponding terminal according to the destination address of the SAL login response message.
4. The method according to claim 2, characterized in that the acquisition server actively initiating a session is:
the acquisition server encrypts the session key agreement data to form a private command and sends it to the security gateway, to notify the security gateway to send the terminal a request to set up a SAL session;
the security gateway decrypts the private command to obtain the session key agreement data, sets the value of C_APP to 0, composes a set-up-session request SAL data frame, encapsulates it in the SSL protocol format and sends it to the communication server;
the communication server, according to the destination address of the set-up-session request SAL data frame, sends the set-up-session request SAL data frame to the terminal corresponding to the destination address;
the terminal parses the set-up-session request SAL data frame, verifies the identity of the acquisition server, produces the set-up-session confirmation data and encrypts it using the terminal secret key, composing a set-up-session response SAL data frame that is sent to the communication server;
the communication server checks the integrity and legitimacy of the set-up-session response SAL data frame; if the set-up-session response SAL data frame is incomplete or illegitimate, the communication server composes a denial response SAL message and sends it to the terminal; if the set-up-session response SAL data frame is complete and legitimate, the communication server sends it to the security gateway;
the security gateway judges the integrity and legitimacy of the set-up-session response SAL data frame; if the set-up-session response SAL data frame is complete and legitimate, the security gateway decrypts it using the terminal public key, changes the value of C_APP to 1, encapsulates the resulting set-up-session confirmation data in the APP protocol format and sends it to the acquisition server;
the acquisition server receives the set-up-session confirmation data in the APP protocol format, decapsulates it and records the result of the terminal setting up the session.
5. The method according to claim 2, characterized in that the terminal requesting to initiate a session is:
the terminal obtains the relevant information of the terminal embedded security control (ESAM) chip, composes a request-to-set-up-session SAL data frame, encapsulates it in the SSL protocol format and sends it to the communication server;
the communication server checks the integrity and legitimacy of the request-to-set-up-session SAL data frame; if the frame is incomplete or illegitimate, the communication server composes a denial response SAL message and sends it to the terminal; if the frame is complete and legitimate, the communication server sends it to the security gateway;
the security gateway judges the integrity and legitimacy of the request-to-set-up-session SAL data frame; if the frame is incomplete or illegitimate, the security gateway composes a denial response SAL message and sends it to the terminal; if the frame is complete and legitimate, the security gateway changes the value of C_APP to 1, encapsulates the frame in the APP protocol format and sends it to the acquisition server;
the acquisition server decapsulates the encapsulated request-to-set-up-session SAL data frame, composes a confirmation/denial SAL response frame and sends it to the security gateway;
the security gateway changes the value of C_APP to 0, encapsulates the confirmation/denial SAL response frame in the SSL protocol format and sends it to the communication server, and the communication server in turn sends the encapsulated confirmation/denial SAL response frame to the terminal.
6. The method according to claim 1, characterized in that the acquisition server initiating data interaction is:
the acquisition server composes a plaintext 1376.1/task data (OOP) data frame and sends it to the security gateway;
the security gateway checks the integrity and legitimacy of the plaintext 1376.1/OOP data frame; if the plaintext 1376.1/OOP data frame is complete and legitimate, the security gateway changes the value of C_APP to 0, encrypts the plaintext 1376.1/OOP data frame based on the public key of the terminal, encapsulates it as a SAL data frame in the SSL protocol format and sends it to the communication server;
the communication server sends the SAL data frame to the corresponding terminal according to the destination address of the SAL data frame;
the terminal decrypts the SAL data frame to obtain the plaintext 1376.1/OOP data frame, composes a plaintext 1376.1/OOP response data frame after data processing, encrypts it to form a SAL response data frame ciphertext and sends it to the communication server;
the communication server checks the integrity and legitimacy of the SAL response data frame ciphertext; if the SAL response data frame ciphertext is complete and legitimate, the communication server forwards it to the security gateway;
the security gateway checks the integrity and legitimacy of the SAL response data frame ciphertext; if the SAL response data frame ciphertext is complete and legitimate, the security gateway decrypts it to obtain the plaintext 1376.1/OOP response data frame, changes the value of C_APP to 1, encapsulates the plaintext 1376.1/OOP response data frame as data in the APP protocol format and sends it to the acquisition server;
after receiving the encapsulated plaintext 1376.1/OOP response data frame, the acquisition server performs processing according to the plaintext 1376.1/OOP response data frame.
7. The method according to claim 1, characterized in that the terminal reporting data is:
the terminal generates a plaintext 1376.1/OOP data frame, encrypts it to form a SAL data frame ciphertext and sends it to the communication server;
the communication server checks the integrity and legitimacy of the SAL data frame ciphertext; if the SAL data frame ciphertext is incomplete or illegitimate, the communication server composes a denial response SAL message and sends it to the terminal; if the SAL data frame ciphertext is complete and legitimate, the communication server sends it to the security gateway;
the security gateway checks the integrity and legitimacy of the SAL data frame ciphertext; if the SAL data frame ciphertext is incomplete or illegitimate, the security gateway composes a denial response SAL message and sends it to the terminal; if the SAL data frame ciphertext is complete and legitimate, the security gateway decrypts it into the plaintext 1376.1/OOP data frame, changes the value of C_APP to 1, encapsulates the plaintext 1376.1/OOP data frame in the APP protocol format and sends it to the acquisition server;
after receiving the encapsulated plaintext 1376.1/OOP data frame, the acquisition server performs processing according to the plaintext 1376.1/OOP data frame, composes a plaintext 1376.1/OOP response data frame and sends it to the security gateway;
the security gateway checks the integrity and legitimacy of the plaintext 1376.1/OOP response data frame; if the plaintext 1376.1/OOP response data frame is complete and legitimate, the security gateway changes the value of C_APP to 0, encrypts the plaintext 1376.1/OOP response data frame using the terminal public key, encapsulates it as a SAL response data frame ciphertext in the SSL protocol format and sends it to the communication server;
the communication server sends the SAL response data frame ciphertext to the corresponding terminal according to the destination address of the SAL response data frame ciphertext;
after receiving the SAL response data frame ciphertext, the terminal decrypts it to obtain the plaintext 1376.1/OOP response data frame and carries out data processing according to the content of the plaintext 1376.1/OOP response data frame.
8. The method according to any one of claims 3, 5, 6 and 7, characterized in that when the value of C_APP is 0, the current data frame is encapsulated in the SSL protocol format, and when the value of C_APP is 1, the current data frame is encapsulated in the APP format.
9. The method according to claim 5, characterized in that the terminal ESAM chip relevant information is the terminal serial number, the communication protocol version number and AES.
10. A safety application data link layer device for a power information acquisition system, comprising:
a terminal, for organizing heartbeat messages to log on to the communication server, setting up a session and carrying out data interaction with the acquisition server, and reporting data;
a communication server, for checking the integrity and legitimacy of the data frames produced when a session is set up and data interaction is carried out between the terminal and the acquisition server;
a security gateway, for checking the integrity and legitimacy of the data frames produced when a session is set up and data interaction is carried out between the terminal and the acquisition server, and for carrying out APP protocol or SSL protocol format encapsulation and encryption and decryption of the data frames; and
an acquisition server, for setting up a session and carrying out data interaction with the terminal and for carrying out data processing.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710197813.8A CN106941491B (en) | 2017-03-29 | 2017-03-29 | Safety application data link layer equipment of electricity utilization information acquisition system and communication method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710197813.8A CN106941491B (en) | 2017-03-29 | 2017-03-29 | Safety application data link layer equipment of electricity utilization information acquisition system and communication method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106941491A (en) | 2017-07-11 |
CN106941491B (en) | 2020-08-21 |
Family
ID=59463947
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710197813.8A Active CN106941491B (en) | 2017-03-29 | 2017-03-29 | Safety application data link layer equipment of electricity utilization information acquisition system and communication method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106941491B (en) |
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102111265A (en) * | 2011-01-13 | 2011-06-29 | 中国电力科学研究院 | Method for encrypting embedded secure access module (ESAM) of power system acquisition terminal |
WO2012097489A1 (en) * | 2011-01-19 | 2012-07-26 | 四川电力科学研究院 | Intelligent electric meter centralized recharging terminal and control method thereof |
WO2015192174A1 (en) * | 2014-06-20 | 2015-12-23 | Kortek Industries Pty Ltd | Wireless power control, metrics and management |
CN104123134A (en) * | 2014-07-07 | 2014-10-29 | 四川中电启明星信息技术有限公司 | Intelligent electricity use data management method and system based on AMI and J2EE |
CN104243595A (en) * | 2014-09-24 | 2014-12-24 | 国家电网公司 | IPv6 (Internet protocol version 6) based electricity information collection system and method |
CN106411907A (en) * | 2016-10-13 | 2017-02-15 | 广西咪付网络技术有限公司 | Data transmission method and system |
Non-Patent Citations (1)
Title |
---|
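Zhao Bing, Gao Xin, Zhai Feng, Chen Peng, Wang Xin: "Mutual authentication protocol for the power consumption information acquisition system", 《电网技术》 (Power System Technology) * |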
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107634889B (en) * | 2017-10-17 | 2019-12-03 | 珠海格力电器股份有限公司 | A kind of device intelligence Synergistic method and device |
CN107634889A (en) * | 2017-10-17 | 2018-01-26 | 珠海格力电器股份有限公司 | A kind of device intelligence Synergistic method and device |
CN108769072A (en) * | 2018-07-03 | 2018-11-06 | 湖北文理学院 | Establish the method, apparatus and communication system of connection |
CN109309688A (en) * | 2018-12-04 | 2019-02-05 | 长园深瑞继保自动化有限公司 | New energy power station progress control method based on cloud monitoring and Data Encryption Transmission |
CN109615742A (en) * | 2018-12-11 | 2019-04-12 | 深圳市万物云科技有限公司 | A kind of wireless entrance guard control method and device based on LoRaWAN |
CN110111094A (en) * | 2019-05-17 | 2019-08-09 | 充之鸟(深圳)新能源科技有限公司 | Electricity charge Automated Clearing House system and method between charging pile operator and property |
CN110225004B (en) * | 2019-05-24 | 2021-11-09 | 武汉虹信技术服务有限责任公司 | Data acquisition system and method for community security weak current subsystem |
CN110225004A (en) * | 2019-05-24 | 2019-09-10 | 武汉虹信技术服务有限责任公司 | A kind of data collection system and method for community security protection weak electronic system |
CN110278280A (en) * | 2019-06-27 | 2019-09-24 | 江苏中海昇物联科技有限公司 | Building site data integrated system and integration method based on Internet of Things |
CN113163395A (en) * | 2020-01-07 | 2021-07-23 | 阿里巴巴集团控股有限公司 | Method and device for communication between terminal and server and key configuration |
CN114422256A (en) * | 2022-01-24 | 2022-04-29 | 南京南瑞信息通信科技有限公司 | High-performance security access method and device based on SSAL/SSL protocol |
CN114422256B (en) * | 2022-01-24 | 2023-11-17 | 南京南瑞信息通信科技有限公司 | High-performance security access method and device based on SSAL/SSL protocol |
CN116074048A (en) * | 2022-12-20 | 2023-05-05 | 广州辰创科技发展有限公司 | High-speed thing allies oneself with intelligent gateway equipment system |
CN116074048B (en) * | 2022-12-20 | 2023-11-14 | 广州辰创科技发展有限公司 | High-speed thing allies oneself with intelligent gateway equipment system |
Also Published As
Publication number | Publication date |
---|---|
CN106941491B (en) | 2020-08-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106941491A (en) | The safety application data link layer device and communication means of power information acquisition system | |
US10547594B2 (en) | Systems and methods for implementing data communication with security tokens | |
CN109088870B (en) | Method for safely accessing acquisition terminal of power generation unit of new energy plant station to platform | |
CN103491072B (en) | A kind of border access control method based on double unidirection insulation network brakes | |
JP3688830B2 (en) | Packet transfer method and packet processing apparatus | |
CN101371550B (en) | Method and system for automatically and freely providing user of mobile communication terminal with service access warrant of on-line service | |
CN102347870B (en) | A kind of flow rate security detection method, equipment and system | |
US20060206433A1 (en) | Secure and authenticated delivery of data from an automated meter reading system | |
CN111245862A (en) | System for safely receiving and sending terminal data of Internet of things | |
CN101558599B (en) | Client device, mail system, program, and recording medium | |
CN111918284B (en) | Safe communication method and system based on safe communication module | |
CN106685775A (en) | Self-inspection type invasion prevention method and system for intelligent household electrical appliance | |
CN104869111B (en) | A kind of trusted end-user access authentication system and method | |
CN104283675A (en) | Concentrator, electricity meter and message processing method of concentrator and electricity meter | |
CN111988328A (en) | Safety guarantee method and system for acquiring terminal data of power generation unit of new energy plant station | |
CN101729871B (en) | Method for safe cross-domain access to SIP video monitoring system | |
CN112911588A (en) | Lightweight narrowband Internet of things secure transmission method and system | |
KR102190618B1 (en) | Apparatus and method for securing train control message | |
CN114157509B (en) | Encryption method and device with SSL and IPsec based on cryptographic algorithm | |
CN104065660A (en) | Remote host access control method | |
CN210839642U (en) | Device for safely receiving and sending terminal data of Internet of things | |
CN110881026A (en) | Method and system for authenticating identity of information acquisition terminal user | |
CN115208696B (en) | Remote communication method and device for substation telecontrol device | |
Mei et al. | Realization of communication security in substation | |
CN115835194B (en) | NB-IOT terminal safety access system and access method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||